SSH v2 Configuration
- set up hostname
R1(config)#hostname R1
- configure domain-name
R1(config)#ip domain-name danpol.net
- specify the RSA key pair (by label) that the SSH server will use; the label must match the one given when the keys are generated in the next step
R1(config)#ip ssh rsa keypair-name SSH2
- generate the RSA keys; creating a key pair is what enables the SSH server (usage-keys produces two pairs, one for signing and one for encryption, which is why two generations are logged below; general-keys would produce a single pair; use a modulus of at least 2048 bits)
R1(config)#crypto key generate rsa usage-keys label SSH2 modulus 2048
The name for the keys will be: SSH2
% The key modulus size is 2048 bits
% Generating 2048 bit RSA keys, keys will be non-exportable…
[OK] (elapsed time was 2 seconds)
% Generating 2048 bit RSA keys, keys will be non-exportable…
[OK] (elapsed time was 1 seconds)
R1(config)#
*Jan 26 20:47:12.915: %SSH-5-ENABLED: SSH 1.99 has been enabled
- set the maximum number of authentication retries per connection (default 3)
R1(config)#ip ssh authentication-retries 2
- set the authentication time-out: the number of seconds the server waits for a client to finish authenticating before dropping the connection (default and maximum 120). This is not a session idle time-out; that is set with exec-timeout on the vty lines
R1(config)#ip ssh time-out 20
- restrict the server to SSH version 2 (the SSH-5-ENABLED message above reports version 1.99, which means the server still negotiates both v1 and v2 until this is set)
R1(config)#ip ssh version 2
- verify the ssh configuration; besides the version, review the algorithm lists: this output still offers the CBC ciphers, 3des-cbc, the truncated hmac-sha1-96 MAC and a 1024-bit Diffie-Hellman minimum. IOS releases that support them let you prune the lists with ip ssh server algorithm encryption / ip ssh server algorithm mac and raise the minimum with ip ssh dh min size 2048
R1#show ip ssh
SSH Enabled - version 2.0
Authentication methods:publickey,keyboard-interactive,password
Encryption Algorithms:aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
MAC Algorithms:hmac-sha1,hmac-sha1-96
Authentication timeout: 20 secs; Authentication retries: 2
Minimum expected Diffie Hellman key size : 1024 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded):
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCSvzZyBzW9Gbvci941zBDPfkojzBBPDBkgCoTmTtt8
mMQht/7dD2yVLD5nXblT98mIrH4yVG1WML96EP1J6tSFu1ErkRDsoJLiCU2WWsCdFyRWy9oV2YoHTch6………….
- restrict the vty lines to SSH (this also drops Telnet); apply the same to any further vty lines the platform has (e.g. line vty 5 15), and configure login local with a local username (or AAA) on these lines, since SSH requires username-based authentication
R1(config)#line vty 0 4
R1(config-line)#transport input ssh
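To turn the verification step into a repeatable check, here is an added Python example (not code from the original page) that parses the text of show ip ssh, as captured above, and flags what a hardening review would question: an SSH version other than 2.0, CBC and 3DES ciphers, the truncated hmac-sha1-96 MAC, a Diffie-Hellman minimum below 2048 bits, and timeout/retry values above a chosen policy. The thresholds, the WEAK_MACS set and the "hardened" sample output are assumptions for illustration.

```python
import re

# Constructed sample input: the 'show ip ssh' output from the walkthrough,
# re-typed for testing (not captured from a live device).
SAMPLE_SHOW_IP_SSH = """\
SSH Enabled - version 2.0
Authentication methods:publickey,keyboard-interactive,password
Encryption Algorithms:aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
MAC Algorithms:hmac-sha1,hmac-sha1-96
Authentication timeout: 20 secs; Authentication retries: 2
Minimum expected Diffie Hellman key size : 1024 bits
"""

# Constructed sample of what the same command might print after pruning the
# algorithm lists and raising the DH minimum (assumed output, for contrast).
HARDENED_SHOW_IP_SSH = """\
SSH Enabled - version 2.0
Authentication methods:publickey,keyboard-interactive,password
Encryption Algorithms:aes256-ctr,aes192-ctr,aes128-ctr
MAC Algorithms:hmac-sha2-256
Authentication timeout: 20 secs; Authentication retries: 2
Minimum expected Diffie Hellman key size : 2048 bits
"""

# Assumed policy: MACs a hardening review removes first.
WEAK_MACS = {"hmac-sha1-96", "hmac-md5", "hmac-md5-96"}


def parse_show_ip_ssh(text):
    """Extract the audited fields from 'show ip ssh' text into a dict."""
    info = {}
    # Accept a plain hyphen or an en dash between 'Enabled' and 'version'.
    m = re.search(r"SSH (Enabled|Disabled)\s*[-\u2013]\s*version\s+([\d.]+)", text)
    if m:
        info["enabled"] = m.group(1) == "Enabled"
        info["version"] = m.group(2)
    for key, label in (("ciphers", "Encryption Algorithms"), ("macs", "MAC Algorithms")):
        m = re.search(label + r":\s*(.+)", text)
        if m:
            info[key] = [a.strip() for a in m.group(1).split(",") if a.strip()]
    m = re.search(r"Authentication timeout:\s*(\d+)\s*secs;\s*Authentication retries:\s*(\d+)", text)
    if m:
        info["timeout"] = int(m.group(1))
        info["retries"] = int(m.group(2))
    m = re.search(r"Diffie Hellman key size\s*:\s*(\d+)\s*bits", text)
    if m:
        info["dh_min_bits"] = int(m.group(1))
    return info


def audit(info, max_timeout=30, max_retries=3, min_dh_bits=2048):
    """Return a list of findings for the parsed output; an empty list means it passes.
    The thresholds are assumed policy values, not IOS defaults."""
    findings = []
    if not info.get("enabled"):
        findings.append("SSH server is not enabled")
    if info.get("version") != "2.0":
        findings.append("SSH version is %r, expected 2.0 (1.99 means SSHv1 is still accepted)"
                        % info.get("version"))
    for cipher in info.get("ciphers", []):
        # Every CBC-mode cipher, 3des-cbc included, is flagged for removal.
        if cipher.endswith("-cbc"):
            findings.append("weak cipher offered: " + cipher)
    for mac in info.get("macs", []):
        if mac in WEAK_MACS:
            findings.append("weak MAC offered: " + mac)
    if info.get("timeout", 0) > max_timeout:
        findings.append("authentication timeout %d s exceeds %d s" % (info["timeout"], max_timeout))
    if info.get("retries", 0) > max_retries:
        findings.append("authentication retries %d exceeds %d" % (info["retries"], max_retries))
    if info.get("dh_min_bits", 0) < min_dh_bits:
        findings.append("minimum DH size %d bits is below %d"
                        % (info.get("dh_min_bits", 0), min_dh_bits))
    return findings


if __name__ == "__main__":
    for name, text in (("page output", SAMPLE_SHOW_IP_SSH), ("hardened", HARDENED_SHOW_IP_SSH)):
        print(name + ":", audit(parse_show_ip_ssh(text)) or "no findings")
```

Run against the page's own output the audit reports six findings (four CBC ciphers, hmac-sha1-96, and the 1024-bit DH minimum) while the version, timeout and retry settings pass; the hardened sample produces none. Paste the output of show ip ssh from each device into SAMPLE_SHOW_IP_SSH, or read it from a file, to reuse the check in a fleet review.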
Banner
- configure the login banner (shown to every connection after the MOTD banner and before the username prompt; the character that follows banner login, here $, is the delimiter that ends the text, so it must not appear inside the message)
R1(config)#banner login $ ****** WARNING ******
Enter TEXT message. End with the character '$'.
$m and is the property of the Danpol company. It is for authorized use only.
………………………………………
$
- configure the MOTD (Message of the Day) banner, shown to every connection before the login banner
R1(config)#banner motd $
Enter TEXT message. End with the character '$'.
Hey user, have a nice day!
$